Security+ Terms and Acronyms

Greg Palmer — Mon, 12 Dec 2016 19:19:28 +0000

Terms and Acronyms Used in Security+

Term	Acronym
Triple Digital Encryption Standard	3DES
Authentication, Authorization and Accounting	AAA
Access Control List	ACL
Advanced Encryption Standard	AES
Advanced Encryption Standards 256-bit	AES256
Authentication Header	AH
Annualized Loss Expectancy	ALE
Access Point	AP
Application Programming Interface	API
Advanced Persistent Threat	APT
Annualized Rate of Occurrence	ARO
Address Resolution Protocol	ARP
Address Space Layout Randomization	ASLR
Application Service Provider	ASP
Acceptable Use Policy	AUP
Antivirus	AV
Business Availability Center	BAC
Business Continuity Planning	BCP
Business Impact Analysis	BIA
Basic Input/Output System	BIOS
Business Partners Agreement	BPA
Bridge Protocol Data Unit	BPDU
Bring Your Own Device	BYOD
Certificate Authority	CA
Common Access Card	CAC
Controller Area Network	CAN
Completely Automated Public Turing test to tell Computers and Humans Apart	CAPTCHA
Corrective Action Report	CAR
Counter-mode/CBC-MAC Protocol	CCMP
Closed-Circuit Television	CCTV
Computer Emergency Response Team	CERT
Cipher Feedback	CFB
Challenge Handshake Authentication Protocol	CHAP
Chief Information Officer	CIO
Computer Incident Response Team	CIRT
Content Management System	CMS
Continuity Of Operation Planning	COOP
Contingency Planning	CP
Cyclical Redundancy Check	CRC
Certificate Revocation List	CRL
Customer Relationship Management	CRM
Chief Security Officer	CSO
Cloud Service Provider	CSP
Certificate Signing Request	CSR
Cross-Site Request Forgery	CSRF
Channel Service Unit	CSU
Chief Technology Officer	CTO
Discretionary Access Control	DAC
Database Administrator	DBA
Distributed Denial of Service	DDoS
Data Execution Prevention	DEP
Digital Encryption Standard	DES
Dynamic Host Configuration Protocol	DHCP
Data-Handling Electronics	DHE
Diffie-Hellman Ephemeral	DHE
Dynamic Link Library	DLL
Data Loss Prevention	DLP
Demilitarized Zone	DMZ
Destination Network Address Transaction	DNAT
Domain Name Service (Server)	DNS
Denial of Service	DoS
Disaster Recovery Plan	DRP
Digital Signature Algorithm	DSA
Digital Subscriber Line	DSL
Data Service Unit	DSU
Extensible Authentication Protocol	EAP
Elliptic Curve Cryptography	ECC
Elliptic Curve Diffie-Hellman Exchange	ECDHE
Elliptic Curve Digital Signature Algorithm	ECDSA
Encrypted File System	EFS
Electromagnetic Interference	EMI
Enterprise Resource Planning	ERP
Electronic Serial Number	ESN
Encapsulated Security Payload	ESP
File system Access Control List	FACL
Full Disk Encryption	FDE
Fully Qualified Domain Name	FQDN
False Rejection Rate	FRR
File Transfer Protocol	FTP
Secured File Transfer Protocol	FTPS
Galois Counter Mode	GCM
GNU Privacy Guard	GPG
Group Policy Object	GPO
Global Positioning System	GPS
Graphic Processing Unit	GPU
Generic Routing Encapsulation	GRE
High Availability	HA
Hard Disk Drive	HDD
Host-based Intrusion Detection System	HIDS
Host-based Intrusion Prevention System	HIPS
Hashed Message Authentication Code	HMAC
HMAC-based One Time Password	HOTP
Hardware Security Module	HSM
Hot Standby Router Protocol	HSRP
Hypertext Markup Language	HTML
Hypertext Transfer Protocol	HTTP
Hypertext Transfer Protocol over SSL	HTTPS
Heating, Ventilation and Air Conditioning	HVAC
Infrastructure as a Service	IaaS
Internet Control Message Protocol	ICMP
Industrial Control Systems	ICS
Identification	ID
International Data Encryption Algorithm	IDEA
Intermediate Distribution Frame	IDF
Identity Provider	IdP
Intrusion Detection System	IDS
Internet Key Exchange	IKE
Instant Messaging	IM
Internet Message Access Protocol v4	IMAP4
Internet of Things	IoT
Internet Protocol	IP
Internet Protocol Security	IPSec
Incident Response	IR
Internet Relay Chat	IRC
Incident Response Procedure	IRP
Interconnection Security Agreement	ISA
Internet Service Provider	ISP
Information Systems Security Officer	ISSO
IT Contingency Plan	ITCP
Initialization Vector	IV
Just a Bunch Of Disks	JBOD
Key Distribution Center	KDC
Key Encryption Key	KEK
Layer 2 Tunneling Protocol	L2TP
Local Area Network	LAN
Lightweight Directory Access Protocol	LDAP
Lightweight Extensible Authentication Protocol	LEAP
Monitoring as a Service	MaaS
Mandatory Access Control or Media Access Control	MAC
Message Authentication Code	MAC
Metropolitan Area Network	MAN
Master Boot Record	MBR
Message Digest 5	MD5
Main Distribution Frame	MDF
Man-In-The-Middle	MITM
Memorandum Of Understanding	MOU
Multi-Protocol Layer Switch	MPLS
Microsoft Challenge Handshake Authentication Protocol	MSCHAP
Mean Time Between Failures	MTBF
Mean Time To Recover	MTTR
Mean Time To Failure	MTTF
Maximum Transmission Unit	MTU
Network Access Control	NAC
Network Address Translation	NAT
Non-Disclosure Agreement	NDA
Near Field Communication	NFC
Network-based Intrusion Detection System	NIDS
Network-based Intrusion Prevention System	NIPS
National Institute of Standards and Technology	NIST
Network Operating System	NOS
New Technology File System	NTFS
New Technology LANMAN	NTLM
Network Time Protocol	NTP
Open Authorization	OAUTH
Online Certificate Status Protocol	OCSP
Open License Agreement	OLA
Operating System	OS
Open Vulnerability Assessment Language	OVAL
Peer to Peer	P2P
Proxy Auto Configuration	PAC
Pluggable Authentication Modules	PAM
Password Authentication Protocol	PAP
Port Address Translation	PAT
Password-Based Key Derivation Function 2	PBKDF2
Private Branch Exchange	PBX
Packet Capture	PCAP
Protected Extensible Authentication Protocol	PEAP
Personal Electronic Device	PED
Perfect Forward Secrecy	PFS
Pretty Good Privacy	PGP
Personally Identifiable Information	PII
Personal Identity Verification	PIV
Public Key Infrastructure	PKI
Plain Old Telephone Service	POTS
Point-to-Point Protocol	PPP
Point-to-Point Tunneling Protocol	PPTP
Pre-Shared Key	PSK
Pan-Tilt-Zoom	PTZ
Recovery Agent	RA
Registration Authority	RA
Rapid Application Development	RAD
Remote Authentication Dial-In User Server	RADIUS
Redundant Array of Inexpensive Disks	RAID
Remote Access Server	RAS
Role-Based Access Control	RBAC
Rule-Based Access Control	RBAC
RSA Variable Key Size Encryption Algorithm	RC4
Remote Desktop Protocol	RDP
Integrity Primitives Evaluation Message Digest	RIPEMD RACE
Return On Investment	ROI
Recovery Point Objective	RPO
Rivest, Shamir and Adleman	RSA
Remote Triggered Black Hole	RTBH
Recovery Time Objective	RTO
Real-time Transport Protocol	RTP
Secure/Multipurpose Internet Mail Extensions	S/MIME
Security Assertions Markup Language	SAML
Software as a Service	SaaS
Storage Area Network	SAN
System Control and Data Acquisition	SCADA
Security Content Automation Protocol	SCAP
Simple Certificate Enrollment Protocol	SCEP
Small Computer System Interface	SCSI
Software Development Life Cycle	SDLC
Software Development Life Cycle Methodology	SDLM
Structured Exception Handler	SEH
Secure Hashing Algorithm	SHA
Secured File Transfer Protocol	SFTP
Secure Hypertext Transfer Protocol	SHTTP
Security Information and Event Management	SIEM
Subscriber Identity Module	SIM
Service Level Agreement	SLA
Single Loss Expectancy	SLE
Short Message Service	SMS
Simple Mail Transfer Protocol	SMTP
Simple Mail Transfer Protocol Secure	SMTPS
Simple Network Management Protocol	SNMP
Simple Object Access Protocol	SOAP
Synchronous Optical Network Technologies	SONET
Spam over Internet Messaging	SPIM
Structured Query Language	SQL
Solid State Drive	SSD
Secure Shell	SSH
Secure Sockets Layer	SSL
Single Sign-On	SSO
Shielded Twisted Pair or Spanning Tree Protocol	STP
Terminal Access Controller Access Control System Plus	TACACS+
Transmission Control Protocol/Internet Protocol	TCP/IP
Trivial File Transfer Protocol	TFTP
Ticket Granting Ticket	TGT
Temporal Key Integrity Protocol	TKIP
Transport Layer Security	TLS
Time-based One-Time Password	TOTP
Trusted Platform Module	TPM
Transaction Signature	TSIG
User Acceptance Testing	UAT
Unified Extensible Firmware Interface	UEFI
User Datagram Protocol	UDP
Uninterruptable Power Supply	UPS
Uniform Resource Identifier	URI
L Universal Resource Locator	UR
Universal Serial Bus	USB
Unified Threat Management	UTM
Unshielded Twisted Pair	UTP
Virtualization Desktop Infrastructure	VDI
Virtual Local Area Network	VLAN
Variable Length Subnet Masking	VLSM
Virtual Machine	VM
Voice over IP	VoIP
Virtual Private Network	VPN
Video Teleconferencing	VTC
Web-Application Firewall	WAF
Wireless Access Point	WAP
Wired Equivalent Privacy	WEP
Wireless Intrusion Detection System	WIDS
Wireless Intrusion Prevention System	WIPS
WiFi Protected Access	WPA
WiFi Protected Access 2	WPA2
WiFi Protected Setup	WPS
Wireless TLS	WTLS
Extensible Markup Language	XML
Cross-Site Request Forgery	XSRF
Cross-Site Scripting	XSS

References

CompTIA Security+ Certification Exam Objectives

Disclaimer

The post Security+ Terms and Acronyms appeared first on .

Security+ SY0-401 General Information & Characteristics

Greg Palmer — Mon, 12 Dec 2016 18:17:10 +0000

Security+ General Information

The CompTIA Security+ Certification is often a first step towards more advanced security certifications.

About

The CompTIA Security+ certification is a vendor-neutral, internationally recognized credential used by organizations and security professionals around the globe to validate foundation level security skills and knowledge. Candidates are encouraged to use this document to help prepare for CompTIA security+ SY0-401, which measures necessary skills for IT security professionals. These content examples are meant to clarify the test objectives and should not be construed as a comprehensive listing of all content in this examination. Successful candidates will have the knowledge required to:

• Identify risk
• Participate in risk mitigation activities
• Provide infrastructure, application, information and operational security
• Apply security controls to maintain confidentiality, integrity and availability
• Identify appropriate technologies and products
• Troubleshoot security events and incidents
• Operate with an awareness of applicable policies, laws and regulations

EXAM ACCREDITATION: CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 Standard and, as such, the exam objectives undergo regular reviews and updates.
EXAM DEVELOPMENT: CompTIA exams result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an IT professional.

What this information is not

There are no test questions to be found here. All information contained on this site is readily available through various print and internet sources. The information published on this site is provided strictly for the purpose of assisting in preparing for the Security + Certification exam. The information provided is accurate and up-to-date to the best of my knowledge at the date it was published. Zymitry does not offer any guarantee or warranty to its accuracy. Use this information at your own risk. See full Disclaimer.

Current Version

As of December, 2016, the current Security+ version is Security+ SY0-401. There is speculation that version Security+ SY0-501 should be released December, 2017.

General Characteristics

Exam Description	CompTIA Security+ certification covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography.
Type of Questions	Multiple choice and performance-based
Recommended Experience	CompTIA Network+ and two years of experience in IT administration with a security focus
Passing Score	750 (on a scale of 100-900)
Number of Questions	Maximum of 90 questions
Length of Test	90 Minutes
Languages	English, Japanese and Portuguese

Hierarchy and Presentation

The provided information is broken out into domains defined by CompTIA. Each domain is then broken down further into detailed categories and sub-categories covering all areas specified by CompTIA.

CompTIA Security+ Certification Domains:

Network Security
Compliance and Operational Security
Threats and Vulnerabilities
Application, Data and Host Security
Access Control and Identity Management
Cryptography

Acronyms

Acronyms used in this material can be found here.